1. Field of the Invention
The present invention relates to the field of data security. More particularly, the present invention relates to a biometric processor which locally processes biometric information to authenticate an individual before permitting access to a node.
2. Description of Art Related to the Invention
With more and more businesses utilizing personal computers ("PCs"), the importance of data security has increased dramatically. For a data security system to be highly reliable, it must preserve the "integrity" of data transmitted between two PCs as well as control access to one or both of the PCs. One way of controlling access to a PC is by implementing access control systems that utilize biometric devices and operate in accordance with user authentication or user identification techniques (hereinafter referred to separately as "user authentication biometric systems" and "user identification biometric systems", or collectively as "biometric systems").
Currently, there exist many biometric devices that can digitally scan a characteristic of the user (e.g., fingerprint, iris, retina, facial and hand geometries, etc.) and capture one or more frames of digital data corresponding to that characteristic. The one or more frames of digital data are collectively referred to as a "data clip". Normally, in a user authentication biometric system, the biometric device captures a data clip and transmits it, in non-encrypted form, over a signal line to a computer operating as a database. The individual requesting access to the node has previously identified himself or herself through voice, data input or other input means; the computer processes the data clip, retrieves the pre-stored "master" characteristics for that identity, compares the data clip to them, and grants access to a node or an area if certain features of the data clip match those of the pre-stored master characteristics held in the computer. Otherwise, access is denied. Additionally, the data clip may be stored as a further security measure.
User identification biometric systems normally operate in a manner similar to user authentication biometric systems, but are more computationally intensive. The reason is that user identification biometric systems do not rely on any prior identification information from the user to select the pre-stored master characteristics for comparison. Instead, the data clip captured by the biometric device is compared successively with each set of pre-stored characteristics until a match is detected or all of the pre-stored characteristics have been compared to the data clip.
Currently, both biometric systems suffer from a number of disadvantages. One disadvantage is that, in general, a captured data clip transmitted from a biometric device is susceptible to fraudulent alteration if the biometric device is not physically integrated with the electronic device that processes and/or stores the captured data clip. The reason is that the signal line between the biometric device and the electronic device responsible for processing the data clip is publicly accessible. This gives interlopers an opportunity to substitute the captured data clip with (i) previously recorded data, (ii) data transferred in real time from another location, or (iii) data combined with non-existent images or characteristics. Assuming that both the biometric device and the associated processing device are themselves physically protected from tampering, a solution to this problem is to apply standard cryptographic techniques to the communications between these devices. These techniques may range from creation of a "secure path", where all communications are encrypted, to simple message authentication, where digital signatures or message authentication codes are applied to specific messages. Typically, some type of challenge/response methodology will be used to facilitate mutual authentication of the equipment involved, so that a recorded clip cannot later be replayed and a substituted clip cannot be passed off as coming from the genuine device.
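The following is an added illustrative example, not part of the original specification, of the second of the two techniques just described: a challenge/response mutual authentication between the biometric device and the host, followed by data-clip messages carrying a message authentication code. It assumes a secret key shared by both ends (provisioned at manufacture or pairing), uses HMAC-SHA256 as the authentication code, and derives a per-session key from the two nonces so that a clip recorded in one session does not verify in another; a monotonic counter catches replay within a session. The clip bytes and the key are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed example key, assumed to be provisioned into both the biometric
# device and the host at pairing time. Not a value from the specification.
SHARED_KEY = b"example-provisioned-key-not-for-production"


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


class Host:
    """The computer that processes data clips; it issues the first challenge."""

    def __init__(self, key: bytes):
        self.key = key
        self.session_key = None
        self.last_counter = -1

    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def verify_device(self, device_nonce: bytes, device_tag: bytes) -> bytes:
        expected = mac(self.key, b"device", self.nonce, device_nonce)
        if not hmac.compare_digest(expected, device_tag):
            raise ValueError("device failed challenge")
        # Fresh session key bound to both nonces: clips MACed under an
        # earlier session cannot verify here.
        self.session_key = mac(self.key, b"session", self.nonce, device_nonce)
        self.last_counter = -1
        return mac(self.key, b"host", device_nonce, self.nonce)

    def accept_clip(self, counter: int, clip: bytes, tag: bytes) -> bool:
        """True only for an unaltered, unreplayed clip from the current session."""
        if self.session_key is None:
            return False
        expected = mac(self.session_key, counter.to_bytes(8, "big"), clip)
        if not hmac.compare_digest(expected, tag):
            return False  # altered, forged, or recorded under another session key
        if counter <= self.last_counter:
            return False  # replay of a message already seen in this session
        self.last_counter = counter
        return True


class Device:
    """The biometric device; it answers the host's challenge and then streams clips."""

    def __init__(self, key: bytes):
        self.key = key
        self.session_key = None
        self.counter = 0

    def respond(self, host_nonce: bytes):
        self.host_nonce = host_nonce
        self.nonce = secrets.token_bytes(16)
        return self.nonce, mac(self.key, b"device", host_nonce, self.nonce)

    def verify_host(self, host_tag: bytes) -> None:
        expected = mac(self.key, b"host", self.nonce, self.host_nonce)
        if not hmac.compare_digest(expected, host_tag):
            raise ValueError("host failed challenge")
        self.session_key = mac(self.key, b"session", self.host_nonce, self.nonce)
        self.counter = 0

    def send_clip(self, clip: bytes):
        self.counter += 1
        tag = mac(self.session_key, self.counter.to_bytes(8, "big"), clip)
        return self.counter, clip, tag


def pair(host: Host, device: Device) -> None:
    """Three-message mutual authentication: host nonce, device response, host response."""
    n_h = host.challenge()
    n_d, t_d = device.respond(n_h)
    t_h = host.verify_device(n_d, t_d)
    device.verify_host(t_h)


def demo() -> dict:
    """Exercises the substitutions (i)-(iii) from the text against the MAC and counter."""
    host, device = Host(SHARED_KEY), Device(SHARED_KEY)
    pair(host, device)
    ctr, clip, tag = device.send_clip(b"frame-0001:constructed-fingerprint-bytes")
    results = {"genuine": host.accept_clip(ctr, clip, tag)}
    # (i) the same recorded message replayed within the session
    results["replay_same_session"] = host.accept_clip(ctr, clip, tag)
    # (iii) clip bytes altered in transit while the tag is left as recorded
    results["altered"] = host.accept_clip(ctr + 1, clip + b"X", tag)
    # (i)/(ii) a message recorded earlier, injected after the equipment re-authenticates
    pair(host, device)
    results["replay_old_session"] = host.accept_clip(ctr, clip, tag)
    ctr2, clip2, tag2 = device.send_clip(b"frame-0002:constructed-fingerprint-bytes")
    results["fresh_after_repair"] = host.accept_clip(ctr2, clip2, tag2)
    return results


if __name__ == "__main__":
    print(demo())
```

Without the shared key an interloper cannot produce a valid tag for data fed in from another location, and the session binding plus counter close the replay cases; what the example does not provide is confidentiality of the clip, which is the "secure path" option from the text.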
Another disadvantage is that this functional partitioning of the system requires all captured biometric data to be transmitted over the signal line to the corresponding processing device, potentially creating a high, sustained bandwidth requirement for that communication line. For example, a remotely located video camera used for biometric authentication is typically continuously capturing and transmitting data clips (video images) over the dedicated signal line back to a computer operating as a centralized authentication processing center. If a bad data clip is captured (e.g., one with poor image quality), there is no mechanism to preclude that data clip from being processed, because conventional biometric devices merely act as a conduit in transferring information to the computer regardless of its quality. As a result, processing time of the computer and bandwidth on the signal line are wasted, because user authentication or identification is virtually guaranteed to fail when processing a bad data clip.
Therefore, it would be advantageous to develop a biometric system that overcomes the second disadvantage discussed above by localizing the processing of the data clip within the biometric device itself via a biometric processor. This localized processing, if desired, could extend to providing full identification or authentication functions without requiring an additional task to be executed by a host processor of the system.
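The following is an added illustrative example, not part of the original specification, of the localized quality check motivated by the two paragraphs above: the biometric processor inspects each captured frame on the device and only transmits frames that pass an exposure and a focus test, so that bad clips never consume the signal line or the host. The frames, the frame size, the focus measure (variance of a 4-neighbour Laplacian) and the thresholds are all constructed assumptions for this toy example.

```python
from statistics import fmean, pvariance

# Constructed 8x8 single-channel frames with pixel values 0..255. The
# thresholds are assumptions tuned to this toy size, not values from the text.
SIZE = 8
FOCUS_THRESHOLD = 10000.0          # minimum variance of the Laplacian response
BRIGHTNESS_RANGE = (40.0, 215.0)   # mean pixel value indicating a usable exposure


def stripe_frame(size=SIZE, high=200):
    """Sharp frame: vertical bars two pixels wide, standing in for ridge detail."""
    return [[high if (x // 2) % 2 == 0 else 0 for x in range(size)] for _ in range(size)]


def flat_frame(value, size=SIZE):
    """Uniform frame: a dark (under-exposed) or saturated (over-exposed) capture."""
    return [[value] * size for _ in range(size)]


def box_blur(frame):
    """3x3 mean filter with edge replication; simulates a defocused capture."""
    h, w = len(frame), len(frame[0])
    out = [[0] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            acc = 0
            for dy in (-1, 0, 1):
                for dx in (-1, 0, 1):
                    yy = min(max(y + dy, 0), h - 1)
                    xx = min(max(x + dx, 0), w - 1)
                    acc += frame[yy][xx]
            out[y][x] = acc // 9
    return out


def laplacian_variance(frame):
    """Focus measure: variance of 4*p - up - down - left - right over interior pixels."""
    h, w = len(frame), len(frame[0])
    vals = []
    for y in range(1, h - 1):
        for x in range(1, w - 1):
            p = frame[y][x]
            vals.append(4 * p - frame[y - 1][x] - frame[y + 1][x]
                        - frame[y][x - 1] - frame[y][x + 1])
    return pvariance(vals)


def mean_brightness(frame):
    return fmean(v for row in frame for v in row)


def quality_gate(frame):
    """Runs on the device before anything crosses the signal line.
    Returns (ok, reason) so the rejection cause can be logged locally."""
    b = mean_brightness(frame)
    if not BRIGHTNESS_RANGE[0] <= b <= BRIGHTNESS_RANGE[1]:
        return False, "exposure"
    if laplacian_variance(frame) < FOCUS_THRESHOLD:
        return False, "focus"
    return True, "ok"


def bytes_on_wire(frames, gate):
    """Bytes pushed over the signal line: every frame for a plain conduit device,
    only passing frames when the gate runs locally. One byte per pixel is assumed."""
    per_frame = len(frames[0]) * len(frames[0][0])
    return sum(per_frame for f in frames if not gate or quality_gate(f)[0])


def demo():
    """A constructed capture stream mixing good, defocused and badly exposed frames."""
    sharp = stripe_frame()
    stream = [sharp, box_blur(sharp), flat_frame(10),
              sharp, flat_frame(255), box_blur(sharp)]
    return {
        "verdicts": [quality_gate(f)[1] for f in stream],
        "conduit_bytes": bytes_on_wire(stream, gate=False),
        "gated_bytes": bytes_on_wire(stream, gate=True),
    }


if __name__ == "__main__":
    print(demo())
```

On this stream the conduit device sends all six frames while the gated device sends the two sharp ones; in a real design the same on-device processor can go further, as the text suggests, and perform the feature extraction or the full match locally.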